The Facebook data scandal rocked the internet world, and many thought that Google was the next in line to be asked data privacy questions.
Advertisement
Encryption makes it much more hard for hackers to make any connection between data and its subject. Facebook were included in this and are now under investigation for their failure to protect their users’ data which may have led to 87 million users’ data being taken without permission.
Last week, Microsoft announced that it released a preview of a new Data Subject Access Request interface in the Security and Compliance Center via a new tab addition, as well as in the Azure Portal. Earlier this year, a survey ForgeRock commissioned found that 57% of United Kingdom consumers worry about how much personal data they have shared online, while 63% feel they know little or nothing about their rights regarding their own data. “Doing this can definitely bring benefits to an organisation, and my view is that GDPR shouldn’t be seen just as compliance red tape and an additional burden, but as a framework for using data responsibly”.
The EU General Data Protection Regulation (GDPR) was adopted throughout the European Union (EU) in April 2016.
From my observations, USA -based companies are not taking GDPR seriously enough. While client data can be pseudonymised, or otherwise defended, it may not be able to satisfy GDPR’s “right to be forgotten” requirement.
To build consumer trust, organisations need to adopt a new philosophy around personal data – one that involves the customer with their own data and empowers them with the option to dynamically control the amount and type of data that is shared.
It’s valuable to earn GDPR compliance sooner rather than later.
Two main groups will be affected by GDPR: “controllers” of data, and “processors” of data.
According to SAR guidelines from the ICO, an individual should have the personal data held on them described, be told whether their personal data is being processes, be told why it’s being processed, be told if that data is being sent anywhere else, and be given a copy the data and details of its sourcing. EPP can also learn the behavior of your organization’s endpoints and identify any malicious behavior without a query to an anti-virus signature database. Having done this, companies should then send out an information notice to its data subjects, informing them of the information held, legal basis, goal and how to opt-out. They must also brief and train their staff, so they are aware and aligned. “These fines are really big and should be motivating to think about data protection”, said Petersone.
On an ongoing basis, good database management is absolutely essential.
Advertisement
For those companies that have already worked to the highest standards of data protection, the changes required to comply with GDPR should be minimal. If GDPR leads to fewer breaches and better relationships between businesses and their customers/users, then we could well see the USA shift its traditionally laissez faire attitude towards one that puts consumer privacy first. Businesses are more likely to handle a greater volume of data and therefore must ensure they have stringent controls in place to secure this. The “compliance stick” is forcing organisations to take data governance more seriously which in turn produces a more business lead approach.
